2 matches found
CVE-2018-20971
CVE-2018-20971 affects the WordPress plugin “church-admin” prior to version 1.2550. The vulnerability is a Cross-Site Request Forgery (CSRF) that targets the upload of a bible reading plan. Public sources in the connected documents corroborate the issue as a CSRF in the plugin affecting uploads; ...
CVE-2023-30782
CVE-2023-30782 is a reported unauthenticated, reflected XSS vulnerability in the WordPress plugin Church Admin (Andy Moyle) up to version 3.7.5. Patchstack lists a fixed version of 3.7.6. The vulnerability affects unauthenticated users and is categorized as a reflected XSS (CVSS 7.1 per Patchstac...